LenovoLENOVO:PS500232-SMI-HANDLER-VULNERABILITY-IN-LEGACY-IBM-SYSTEM-X-AND-IBM-BLADECENTER-SYSTEMS-NOSIDSMI Handler Vulnerability in legacy IBM System x and IBM BladeCenter systems - Lenovo Support NL
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Lenovo Security Advisory: LEN-25165
Potential Impact: Denial of service
Severity: Medium
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2019-6155
Summary Description:
During an internal security review, a potential vulnerability was found in an SMI handler in certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the version of BIOS (or later) described for your system in the product impact section.
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C